mangy1983 (posted October 2, 2010)

I have to design a website for one of my computing degree's assessments and am in need of a forgotten password script that sends the user's password to their email address. All the scripts I have found on Google have all been problematic to the script creator or don't work. So since the Hunting Life seems to have around 30,000 members, surely one of us (bar me) knows something about web developing scripts.

My website can be seen at http://cmacleod.comp-degree.uhi.ac.uk/ and bear in mind it is a work in progress, so there are a few small things to sort out, but I have to get the website's design finished by the 2nd of November and the implementation of it done by the 14th December, and as we can lose marks if the design and implementation don't match, I have started the implementation first, being followed up by the design.

Cheers for any help

Callum
John Keswick (posted October 2, 2010, edited)

Are you sure this is not a trick question that your assignment asks?

Passwords stored in a database should be encrypted with at least an md5 hash (32 digit code). If a user requested his or her password be sent, then the password stored in the database cannot be decrypted, so sending them the encrypted password would be no good.

A better way of doing this is to provide a unique hashed code in the database. The user enters their email address and presses go, the script will get the unique hashed code and send this as a link to that email address. The user then follows this unique link, and the script checks the link code. If the code matches, the user can then change their password to what they want.

If the database was ever compromised, the passwords are never visible to the thief. Simples.
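The link-based reset described in the post above, written out as an added example (not code from anyone in this thread). The table layout, function names and example.test addresses are assumptions, and it goes a little further than the post by storing only a hash of the emailed code, expiring it, and making it single-use.

```php
<?php
// Added example: reset-by-link instead of emailing a password.
// Table, column and function names are assumptions; SQLite in memory stands
// in for the real database so the script runs on its own.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$db->exec('CREATE TABLE password_resets (member_id INTEGER PRIMARY KEY, token_hash TEXT, expires_at INTEGER)');
$db->prepare('INSERT INTO members (email, password_hash) VALUES (?, ?)')
   ->execute(['user@example.test', password_hash('old password', PASSWORD_DEFAULT)]); // constructed sample row

/** Step 1: the form was submitted. Returns the token to email, or null if the address is unknown. */
function createResetToken(PDO $db, string $email, int $ttlSeconds = 3600): ?string
{
    $stmt = $db->prepare('SELECT id FROM members WHERE email = ?'); // bound parameter, no string building
    $stmt->execute([$email]);
    $memberId = $stmt->fetchColumn();
    if ($memberId === false) {
        return null; // the caller shows the same "check your inbox" page either way
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    // Only a hash of the token is stored, so a leaked database does not contain usable links.
    $db->prepare('REPLACE INTO password_resets (member_id, token_hash, expires_at) VALUES (?, ?, ?)')
       ->execute([$memberId, hash('sha256', $token), time() + $ttlSeconds]);
    return $token;
}

/** Step 2: the link was followed and a new password chosen. True only for a known, unexpired token. */
function redeemResetToken(PDO $db, string $token, string $newPassword): bool
{
    $stmt = $db->prepare('SELECT member_id FROM password_resets WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $memberId = $stmt->fetchColumn();
    if ($memberId === false) {
        return false;
    }
    $db->prepare('UPDATE members SET password_hash = ? WHERE id = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $memberId]);
    // Delete the row so the same link cannot be used a second time.
    $db->prepare('DELETE FROM password_resets WHERE member_id = ?')->execute([$memberId]);
    return true;
}

$token = createResetToken($db, 'user@example.test');
$link  = 'https://example.test/reset.php?token=' . $token; // this link is what gets emailed
var_dump(redeemResetToken($db, $token, 'new password'));   // redeem the emailed token
var_dump(redeemResetToken($db, $token, 'another one'));    // present the same token again
var_dump(createResetToken($db, 'nobody@example.test'));    // address that is not in the table
```

Needs PHP 7 or later with the pdo_sqlite extension.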
mangy1983 (posted October 2, 2010)

[Quoting John Keswick's post above]

The website is actually what was asked of us; the forgotten password feature is just something I would like to implement into it, or another common way is to generate a new password which is sent onwards to the user's email address, thus allowing the user to log in and change their password to what they want it to be.

The text resize from page to page has so far been the hardest script to implement, but I'm finding the recover password feature next to impossible as there is next to no data on it from a Google search for it.

Cheers

Callum
iamduvern (posted October 2, 2010)

[Quoting John Keswick's first post]

Like he says!!
John Keswick (posted October 2, 2010)

[Quoting the previous posts]

What programming language are you using? To simply retrieve an unencrypted password from a database and send it to a user is a piece of piss...
mangy1983 (posted October 2, 2010)

[Quoting the previous posts]

I'm using a mix of CSS, JavaScript and PHP.

Cheers

Callum
John Keswick (posted October 2, 2010, edited)

[Quoting the previous posts]

OK, create your form where the user can enter their email address.

```html
<form action="password.php" method="post">
  <input type="text" name="email">
  <input type="submit" name="submit" value="Submit">
</form>
```

password.php

```php
<?php
// Assumes an open mysql_* connection. The mysql_* functions were removed in
// PHP 7; on current PHP use mysqli or PDO with bound parameters.
$email = mysql_real_escape_string($_POST['email']); // escape before use in the query
$sql = "SELECT * FROM `table` WHERE email='$email'";
$result = mysql_query($sql)
    or trigger_error('<p>There seems to be a problem, please try again soon.</p>');
$row = mysql_fetch_assoc($result);
if ($row) {
    mail($row['email'], 'password recovery', "\n Your password is {$row['password']} .", "From: whoever");
}
```

That's the sort of thing I would do. Untested and assumes you have your database set up as columns email and password.
mangy1983 (posted October 2, 2010)

[Quoting the previous posts]

Thanks a lot John. I myself have been trawling Google to see if I could find anything. I found this link: http://www.openscriptsolution.com/2009/10/12/add-forgot-password-feature-for-helpdesk-officer-into-osticket-v1-6-rc5/

In my login script there is an encryption in the form, enctype="application/x-www-form-urlencoded", is this md5 encryption? I have not created a Register page yet but I do think the database uses MD5, as I do remember it being covered 2 years ago when we did the intro course.

Cheers

Callum
John Keswick (posted October 2, 2010)

[Quoting the previous posts]

No, md5 is done in the PHP code. So your registration page will have:

```php
$password = $_POST['password'];
$password = md5($password);
```

That turns the password from a readable one into a 32 digit hash of the original. Remember though, when checking passwords later, for example on a log in page, you need to md5 the user input (password) before you can compare against the one in the database.
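An added example, not from the thread, showing PHP's built-in password_hash() and password_verify() beside the md5() scheme described above, including how existing md5 rows can be upgraded at login. The function names and the sample password are assumptions.

```php
<?php
// Added example: salted, slow hashing with password_hash() next to unsalted
// md5(), plus upgrading old md5 rows when the user next logs in.
// Function names and sample values are assumptions.
declare(strict_types=1);

/** Registration: returns the string to store in the password column. */
function hashForStorage(string $password): string
{
    // The algorithm, cost and a random salt are all embedded in the returned string.
    return password_hash($password, PASSWORD_DEFAULT);
}

/**
 * Login check that accepts both formats.
 * Returns [bool $ok, ?string $replacementHash]; a non-null replacement
 * should be written back to the user's row.
 */
function verifyLogin(string $password, string $stored): array
{
    $isLegacyMd5 = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    if ($isLegacyMd5) {
        // Legacy row: compare in constant time, then upgrade while the plaintext is in hand.
        $ok = hash_equals($stored, md5($password));
        return [$ok, $ok ? hashForStorage($password) : null];
    }
    $ok = password_verify($password, $stored);
    $upgrade = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [$ok, $upgrade ? hashForStorage($password) : null];
}

// Constructed sample data
$legacy = md5('hunter2');
$a = hashForStorage('hunter2');
$b = hashForStorage('hunter2');
var_dump($legacy === md5('hunter2')); // md5: equal passwords always produce equal stored values
var_dump($a === $b);                  // password_hash: each call uses a fresh salt

[$ok, $newHash] = verifyLogin('hunter2', $legacy);
var_dump($ok, $newHash !== null && password_verify('hunter2', $newHash)); // legacy row and its upgrade

[$ok2, $none] = verifyLogin('wrong', $a);
var_dump($ok2, $none);                // wrong password against a modern hash
```

Needs PHP 7.1 or later.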
mangy1983 (posted October 2, 2010)

Hi guys

I used your form John (thanks again) to input the email address and the following code to send an email. I assume it is working, as I am told that I will receive an email with my password, but the trouble is no email! I couldn't get the second part of your code to work John, so I searched and found this one instead. Anyone know what could be wrong?

Cheers

Callum

```php
<?php
session_start();
$dbHost = '';
$dbUser = '';
$dbPass = '';
$dbname = '';
$db = mysql_connect($dbHost,$dbUser,$dbPass);
mysql_select_db($dbname,$db);
$email=strip_tags($email);
if (!preg_match("/^([a-zA-Z0-9])+@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)+/", $email=$_POST['email'])) {
    die("<font size=5>Please Enter A valid e-mail address</font>");
}
$query="SELECT Email_Address,Forename,Password FROM MEMBERS WHERE Email_Address = '$email'";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->email;// email is stored to a variable
if ($recs == 0) {
    // No records returned, so no email address in our table
    // let us show the error message
    echo "<center><font face='Verdana' size='2' color=red><b>No Password</b><br> Sorry Your address is not there in our database . You can signup and login to use our site.
<BR> <BR><a href='SIGHNUP.HTML'> Sign UP </a> </center>";
    exit;
}
// formating the mail posting
// headers here
$headers4="admin@someone.net"; // Change this address within quotes to your address
$headers.="Reply-to: $headers4\n";
$headers .= "From: $headers4\n";
$headers .= "Errors-to: $headers4\n";
//$headers = "Content-Type: text/html; charset=iso-8859-1\n".$headers;
// for html mail un-comment the above line
// mail funciton will return true if it is successful
if(mail("$em","Your Request for login details","This is in response to your request for login detailst at Holly Faith \n \nLogin ID: $row->Forename \n Password: $row->Password \n\n Thank You \n \n siteadmin","$headers")){
    echo "<center><font face='Verdana' size='2' ><b>THANK YOU</b> <br>Your password is posted to your emil address . Please check your mail after some time. </center>";
}
?>
```
mangy1983 (posted October 2, 2010)

Does it have to do with this bit of the code, as I never changed it:

```php
// headers here
$headers4="admin@someone.net"; // Change this address within quotes to your address
$headers.="Reply-to: $headers4\n";
$headers .= "From: $headers4\n";
$headers .= "Errors-to: $headers4\n";
//$headers = "Content-Type: text/html; charset=iso-8859-1\n".$headers;
// for html mail un-comment the above line
// mail funciton will return true if it is successful
```

Cheers

Callum
John Keswick (posted October 2, 2010)

[Quoting mangy1983's script above]

What are your database column names? For example the column where the email addresses are stored, and password etc.?
mangy1983 (posted October 2, 2010)

[Quoting the previous posts]

Email is Email_Address and password is Password and the table is called MEMBERS.

Cheers

Callum
IanB (posted October 2, 2010)

The members will be thinking you're speaking Na'vi John, you're not still in Pandora.